Microsoft to Put Patch Service to the Test

WEBINAR:On-Demand

A beta version of Microsoft Update will enable consumers as well as SMBs to automatically download security and performance patches for Windows enterprise applications.

Microsoft Corp. Tuesday confirmed that it will release in March a beta version of what it is calling a unified software update service for consumers and small and midsize businesses.
Called Microsoft Update, the service will provide a single location for users to get security and performance patches for Windows XP, Windows 2000, Windows Server 2003, Office 2003 and Exchange Server 2003.

Microsoft Update is designed to be "a superset of Windows Update, which will continue to exist" as a security and performance patch server for system administrators for medium and large enterprises, said Gary Schare, Microsoft's director of security product management in Redmond, Wash.

Both Microsoft Update and Windows Update are designed to give users and administrators a single place where they can go to get security and performance patches for Microsoft products.

Before these automatic updates sites were established, customers had to go to a variety of Microsoft product sites to get security and performance updates. "Customers have asked us to give them a single place where they could go" to get software updates," said Schare.

In his keynote address at the annual RSA security conference in San Francisco Tuesday, Microsoft Chairman Bill Gates confirmed that the final version of the Windows Update service will be available in the first half of this year.

Schare said Microsoft is building the beta pool from corporate customers who have used the Windows Update service "so we can test all the scenarios that we want to test and get [the Microsoft Update service] ready for release early next year."

Last July, Microsoft announced that it was delaying the Microsoft Update and Windows Update services because both were dependent on the release of Windows Update Version 5, the most recent release of the patch delivery technology that was due to go live simultaneously with Windows XP Service Pack 2. In 2004, Windows Update was formerly known as Software Update Services 2.0.

Microsoft officials claim that during 2004 there was a 400 percent increase in the number of PCs that were being automatically updated through the earlier Software Update and Windows Update services.

However, Michael Cherry, senior analyst for Windows and mobile technology with the Directions on Microsoft newsletter, said he thought that even two separate sites for software patches were too many.

"My initial reaction is that the whole thing is confusing," Cherry said. He said he thought that the goal of the whole process was to provide a single site where Microsoft customers, whether they were home consumers or corporate administrators, could go to get critical software patches.

Part of the problem was that Microsoft was using "something like eight different patching technologies," and this compounded the confusion for customers for whom "it was not just a question of how you got the patches, but it was also about how the patch was installed," he said.

"Gates and [Microsoft CEO Steve] Ballmer promised that Microsoft was going to get down to no more than two patching technologies," he said. But Cherry contends that consumers will still face confusion if they have to go to more than one place to get security and performance patches.

The process "could get even more confusing if you have to go someplace else to get your spyware updates," he said.

The beta test program will likely be an important opportunity for Microsoft to learn whether update services will be effective in giving customers a simple and reliable way to get software patches, Cherry said.

This depends on whether "they have enough people from different market segments, with different technology scenarios, taking part" in the beta program, Cherry said. Microsoft needs "to get feedback across all the customer segments that they have," he said.

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

John Pallatto is eWEEK.com's Enterprise Applications Center editor. His near 30 years of experience as a professional journalist began as a member of the founding staff of PC Week in March 1984. Pallatto was PC Week's West Coast bureau chief, a senior editor at Ziff Davis' Internet Computing magazine and the West Coast bureau chief at Internet World magazine.